<?php

// DefinitiveCMS: Docs Subsystem
// header.php is loaded first; presumably it supplies the $config_* values and
// the template/permission helpers this script calls (verify in header.php).
require_once 'header.php';
$pageurl = 'docs.php';

// Buffer the page body; it is collected with ob_get_clean() further down and
// passed to the body template as '$content'.
ob_start();
?>
<h2><?php echo $config_docs_title; ?></h2>
<?php

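// Requested action: '' (list), 'confirmupload' or 'remove'. Anything that is
// not a plain string (e.g. act[]=x) is treated as "no action".
$act = '';
if (isset ($_GET['act']) && is_string($_GET['act']))
	$act = $_GET['act'];

// Folder being viewed. The value is interpolated unquoted into SQL
// ("WHERE id=$parent"), where addslashes() offers no protection because there
// are no quotes to break out of, so it is forced to an integer instead.
$parent = 0;
if (isset ($_GET['parent']) && is_scalar($_GET['parent']))
	$parent = (int) $_GET['parent'];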

/////////////////////////////////////////////////////////////////////// UPLOAD
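// Stores an uploaded document under userfiles/ and registers it in dcms_docs.
if ($act == 'confirmupload')
{
	// Extensions accepted for stored documents. The stored path is used as a
	// direct link in the listing, so a server-executable extension must never
	// end up in userfiles/. Adjust this allowlist to what the site needs.
	$allowedextensions = array (
		'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx',
		'odt', 'ods', 'odp', 'txt', 'rtf', 'csv',
		'jpg', 'jpeg', 'png', 'gif', 'zip'
	);

	// Used unquoted in the INSERT below and by the listing afterwards, so it
	// is forced to an integer rather than passed through addslashes().
	$parent = (isset ($_GET['parent']) && is_scalar($_GET['parent'])) ? (int) $_GET['parent'] : 0;

	$error = '';
	$newpath = '';

	// The upload form is only rendered for admins; the handler must enforce
	// the same rule itself because the request can be sent without the form.
	if (!check_permission('admin', 0))
		$error = 'denied';
	elseif (!isset ($_FILES['filedata']) || !is_array($_FILES['filedata']) || $_FILES['filedata']['error'] !== UPLOAD_ERR_OK)
		$error = 'failed';
	else
	{
		// The client-supplied file name is only used to pick the extension;
		// the stored name is always "<timestamp>.<extension>".
		$extension = strtolower(pathinfo($_FILES['filedata']['name'], PATHINFO_EXTENSION));
		if (!in_array($extension, $allowedextensions, true))
			$error = 'failed';
		else
		{
			$newpath = "userfiles/" . date("U") . '.' . $extension;
			// Never overwrite an existing document (two uploads in the same
			// second map to the same name), and trust move_uploaded_file()'s
			// return value rather than a later file_exists() check.
			if (file_exists($newpath) || !move_uploaded_file($_FILES['filedata']['tmp_name'], $newpath))
				$error = 'failed';
		}
	}

	if ($error == '')
	{
		$title = (isset ($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
		// Connection-aware escaping for the quoted string value.
		// NOTE(review): the mysql_* extension was removed in PHP 7; moving the
		// data layer to prepared statements (PDO/mysqli) is the durable fix.
		$title = mysql_real_escape_string($title);
		$insertquery = "INSERT INTO dcms_docs (title, url, parent, security_level, security_group) VALUES (" .
		"'$title', '$newpath', $parent, 'member', 0)";
		if (!mysql_query($insertquery))
		{
			// Do not leave an unregistered file behind in userfiles/.
			unlink($newpath);
			$error = 'failed';
		}
	}

	if ($error != '')
	{
		echo "<p style=\"color: #F00;\">Het uploaden van het bestand is helaas mislukt. ";
		echo "Gelieve het een andere keer opnieuw te proberen of contact op te nemen met de webmaster.</p>";
	}
	// Fall through to the listing.
	$act = '';
}
/////////////////////////////////////////////////////////////// CONFIRM REMOVE
// Deletes a document row and, for files, the stored file.
// NOTE(review): this is a state-changing GET request with no anti-CSRF token;
// it should become a POST carrying a per-session token.
elseif ($act == 'remove')
{
	// NOTE(review): removal is gated on the same admin permission as the
	// upload form - confirm this matches the intended policy.
	if (!check_permission('admin', 0))
		echo "<p style=\"color: #F00;\">You are not allowed to remove documents.</p>";
	else
	{
		// Interpolated unquoted into the SELECT, so it must be an integer.
		$id = (isset ($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
		$docinfo = false;
		if ($id > 0)
			$docinfo = query_to_hash("SELECT url, title, parent FROM dcms_docs WHERE id=$id");
		if ($docinfo !== false)
		{
			// Folders have an empty url. Only delete regular files that sit
			// directly inside userfiles/, so a tampered row cannot point
			// unlink() at an arbitrary path.
			if ($docinfo['url'] != '' && dirname($docinfo['url']) == 'userfiles' && is_file($docinfo['url']))
				unlink($docinfo['url']);
			sp_delete_id('dcms_docs', $id);
			// The title is user-supplied and stored as-is; escape it for HTML.
			echo "<p style=\"color: #090;\">Het bestand '" . htmlspecialchars($docinfo['title'], ENT_QUOTES) . "' werd succesvol verwijderd.</p>";
			$parent = (int) $docinfo['parent'];
		}
	}
	// Fall through to the listing.
	$act = '';
}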
///////////////////////////////////////////////////////////////////////// LIST
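// Renders the contents of folder $parent (0 = root), filtered by the viewer's
// permissions, plus the upload form for admins.
if ($act == '')
{
	// $parent is interpolated unquoted into both queries below; forcing it to
	// an integer here keeps this section safe regardless of how it was set.
	$parent = (int) $parent;

	// Virtual root folder, used when no parent id is given.
	$parentinfo = array (
		'title' => $config_docs_roottitle,
		'url' => '',
		'parent' => 0,
		'security_level' => 'public',
		'security_group' => 0
	);
	if ($parent > 0)
		$parentinfo = query_to_hash("SELECT title, url, parent, security_level, security_group FROM dcms_docs WHERE id=$parent");

	// query_to_hash() yields false when no row matches (see the check in the
	// remove handler); an unknown folder is treated as not viewable.
	if ($parentinfo !== false && check_permission_array($parentinfo))
	{
		$result = mysql_query("SELECT id, title, url, parent, security_level, security_group FROM dcms_docs WHERE parent=$parent ORDER BY url DESC, title ASC");
		$items = '';
		$count = 0;
		if ($result !== false)
		{
			// NOTE(review): this counts every row in the folder, including
			// rows the viewer is not allowed to see.
			$count = mysql_num_rows($result);
			while ($row = mysql_fetch_array($result))
			{
				if (check_permission_array($row))
				{
					// A row without a url is a folder and links back to this page.
					$folder = ($row['url'] == '');
					$url = ($folder ? "docs.php?parent=" . (int) $row['id'] : $row['url']);
					// NOTE(review): titles are user-supplied; whether they are
					// HTML-escaped depends on get_template() - confirm there.
					$items .= get_template("docs_item.inc", array (
						'$title' => $row['title'],
						'$url' => $url,
						'$folder' => ($folder ? "true" : "false"),
						'$id' => $row['id']
					));
				}
			}
		}
		$uploadform = '';
		if (check_permission('admin', 0))
		{
			$uploadform = get_template("docs_upload.inc", array (
				'$parent' => $parent
			));
		}

		render_template("docs.inc", array (
			'$title' => $parentinfo['title'],
			'$count' => $count,
			'$items' => $items,
			'$parenturl' => "docs.php?parent=" . (int) $parentinfo['parent'],
			'$uploadform' => $uploadform
		));
	}
	else
	{
		echo "You are not allowed to view this page.";
	}
}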
//////////////////////////////////////////////////////////////////////////////
// Everything echoed since ob_start() becomes the page body.
$pagecontent = ob_get_clean();

// Emit the page: header, body (site title, menu, login box, buffered
// content), then footer.
render_template('header.inc', array ('$title' => $config_docs_title));
render_template(
	'body.inc',
	array (
		'$title' => $config_site_name,
		'$menu' => generate_menu(),
		'$login' => generate_login(),
		'$content' => $pagecontent
	)
);
render_template('footer.inc', array ());
?>
